Commit Graph

3393 Commits

Author SHA1 Message Date
Alan Jowett
01a9815bdf Set disconnect reason when updating ban-ip
Resolves: #360

Signed-off-by: Alan Jowett alan.jowett@microsoft.com
2020-11-06 13:16:32 -07:00
Nikos Mavrogiannopoulos
82fc1e4881 Merge branch 'tmp-enhance-syscalls' into 'master'
worker-privs: enhanced with syscalls used by socket wrapper

See merge request openconnect/ocserv!233
2020-11-01 22:27:55 +00:00
Nikos Mavrogiannopoulos
4afbf8fdb2 Merge branch 'tmp-init-snapshot' into 'master'
set_env_from_ws: ensure there are no uninitialized variables from snapshot

See merge request openconnect/ocserv!231
2020-11-01 21:39:29 +00:00
Nikos Mavrogiannopoulos
9521918143 worker-privs: allow new syscalls
This adds the syscalls used by socket wrapper as observed
in Fedora builders, as well as syscalls observed in different
platforms such as aarch64.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-10-30 22:31:59 +01:00
Nikos Mavrogiannopoulos
d83a39da51 set_env_from_ws: ensure there are no uninitialized variables from snapshot
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-10-30 22:11:09 +01:00
Nikos Mavrogiannopoulos
940e489500 .gitlab-ci.yml: i386/Debian: do not run on schedules
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-10-21 16:30:09 +02:00
Nikos Mavrogiannopoulos
37856ba314 doc update
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-10-19 21:38:35 +02:00
Alan Jowett
73ebc58265 Merge branch 'issue359' into 'master'
Allow setup of new DTLS session while processing on old session

Closes #359

See merge request openconnect/ocserv!223
2020-10-19 17:21:33 +00:00
Alan Jowett
3436705a9c Allow setup of new DTLS session while processing on old session
Resolves: #359

Signed-off-by: Alan Jowett alan.jowett@microsoft.com
2020-10-19 10:36:03 -06:00
Nikos Mavrogiannopoulos
c5d3e4f321 Merge branch 'tmp-inih-update' into 'master'
inih: increase the limit for a config line

Closes #364

See merge request openconnect/ocserv!230
2020-10-18 19:58:51 +00:00
Nikos Mavrogiannopoulos
b7575cc220 tests: fixed space after \
Also ensure that similar warnings are treated as errors
in CI.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-10-18 21:15:40 +02:00
Nikos Mavrogiannopoulos
16bfb30586 inih: reintroduced INI_STOP_ON_FIRST_ERROR
This also introduces better error reporting to inih, and
handling of the errors received by inih.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-10-18 21:05:08 +02:00
Nikos Mavrogiannopoulos
c49d981274 inih: updated to latest version
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-10-18 21:05:05 +02:00
Nikos Mavrogiannopoulos
66a263e477 tests: increase the size of a transmitted banner to reproduce #364
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-10-18 13:30:12 +02:00
Nikos Mavrogiannopoulos
e7233819da inih: increased max line size
This also removes the stop on first error directive
which was set but not used for a very long time.

Resolves: #364

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-10-18 13:30:00 +02:00
Alan Jowett
117bad2e29 Merge branch 'issue362' into 'master'
Log disconnects from TCP health probe at debug level

See merge request openconnect/ocserv!229
2020-10-16 15:56:53 +00:00
Alan Jowett
6fe6926cff Log disconnects from TCP health probe at debug level
Signed-off-by: Alan Jowett alan.jowett@microsoft.com
2020-10-16 09:13:49 -06:00
Alan Jowett
1b938f8726 Merge branch 'user/alanjo/issue365' into 'master'
Log fatal key retrieval errors at LOG_ERR

Closes #365

See merge request openconnect/ocserv!228
2020-10-14 22:30:48 +00:00
Alan Jowett
f116c134a4 Log fatal key retrieval errors at LOG_ERR
Resolves #365

Signed-off-by: Alan Jowett alan.jowett@microsoft.com
2020-10-14 15:47:48 -06:00
Alan Jowett
0d3d0dbd3d Merge branch 'malloc_enforce' into 'master'
Raise warning level on malloc to catch double frees earlier.

See merge request openconnect/ocserv!227
2020-10-09 16:23:15 +00:00
Alan Jowett
afe437f8eb Raise warning level on malloc to catch double frees earlier.
Signed-off-by: Alan Jowett alan.jowett@microsoft.com
2020-10-09 09:39:35 -06:00
Alan Jowett
c106bb86fc Merge branch 'issue363' into 'master'
Latency stats should be at LOG_DEBUG not LOG_INFO level

Closes #363

See merge request openconnect/ocserv!225
2020-10-07 19:52:35 +00:00
Alan Jowett
f0f90ef4d7 Merge branch 'issue362' into 'master'
TCP health probes shouldn't be logged at INFO level

Closes #362

See merge request openconnect/ocserv!224
2020-10-07 19:39:40 +00:00
Alan Jowett
cd0f382628 Latency stats should be at LOG_DEBUG not LOG_INFO level
Resolves: #363

Signed-off-by: Alan Jowett alan.jowett@microsoft.com
2020-10-07 13:09:05 -06:00
Alan Jowett
7ffb4d1ca2 TCP health probes shouldn't be logged at INFO level
Resolves: #362

Signed-off-by: Alan Jowett alan.jowett@microsoft.com
2020-10-07 12:56:24 -06:00
Nikos Mavrogiannopoulos
f8ff70a098 NEWS: updated
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-10-02 21:56:48 +02:00
Alan Jowett
f94b54341e Merge branch 'issue360' into 'master'
Don't apply BanIP checks to clients on the same subnet.

Closes #360

See merge request openconnect/ocserv!222
2020-10-01 21:22:45 +00:00
Alan Jowett
5b402014fd Don't apply BanIP checks to clients on the same subnet.
Resolves #360

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
2020-10-01 11:59:41 -06:00
Alan Jowett
8cc7fed172 Merge branch 'issue357-part1' into 'master'
Don't attempt TLS if the client closes the connection with zero data sent.

Closes #357

See merge request openconnect/ocserv!221
2020-09-30 22:46:37 +00:00
Alan Jowett
7a924b6d9c Don't attempt TLS if the client closes the connection with zero data sent.
Resolves #357

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
2020-09-30 16:03:38 -06:00
Nikos Mavrogiannopoulos
7c0c6ec1ad Merge branch 'tmp-remove-todo' into 'master'
Removed TODO file; it is out-of-date

See merge request openconnect/ocserv!220
2020-09-30 19:06:06 +00:00
Nikos Mavrogiannopoulos
333bbd536c Removed TODO file; it is out-of-date
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-09-30 20:00:26 +02:00
Nikos Mavrogiannopoulos
71e36ccae4 README.md: corrected links
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-09-29 23:43:07 +02:00
Nikos Mavrogiannopoulos
2a1e91795b Merge branch 'tmp-drain-ms-repro' into 'master'
Stop listening on ocserv-sm socket on error to prevent looping.

Closes #356

See merge request openconnect/ocserv!219
2020-09-29 21:39:09 +00:00
Alan Jowett
12c3d62276 Stop listening on ocserv-sm socket on error to prevent looping.
Resolves #356

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
2020-09-29 22:51:52 +02:00
Nikos Mavrogiannopoulos
53c8c0f139 tests: added reproducer for drain-server-ms failure
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-09-29 22:51:47 +02:00
Nikos Mavrogiannopoulos
58c08279bd sample.config: moved server-drain-ms to a more suitable section of the file
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-09-29 21:37:26 +02:00
Nikos Mavrogiannopoulos
067c96cb06 tests: renamed test-drain-server to drain-server
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-09-29 21:07:47 +02:00
Nikos Mavrogiannopoulos
5879a6b6dd .mailmap: added aliases of Mike
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-09-22 21:59:02 +02:00
Nikos Mavrogiannopoulos
21c6b981be .mailmap: added aliases of Alan
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-09-22 21:57:33 +02:00
Nikos Mavrogiannopoulos
b9f8ea6b6c bumped version for 1.1.1 release
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.1.1
2020-09-21 12:21:21 +02:00
Nikos Mavrogiannopoulos
3426b8f6c9 ocpasswd.8: document the current behavior of ignoring groups
Resolves: #353

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-09-21 12:16:51 +02:00
Nikos Mavrogiannopoulos
61c2b5c155 Merge branch 'tmp-nanosleep' into 'master'
disable_system_calls: added clock_nanosleep

See merge request openconnect/ocserv!216
2020-09-21 07:24:23 +00:00
Nikos Mavrogiannopoulos
8208f74138 disable_system_calls: added clock_nanosleep
It seems that new fedora versions depend on it for nanosleep().

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-09-21 08:41:32 +02:00
William Dauchy
3ba9ebdab0 tests, radius-group: fix unstable tests
- print outfile instead of new command; this will help debug when an
  issue occurs, to know what was the original output
- also add some time between tests to avoid race; this was failing on
  "could not find group information"

  Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(PSK)-(AES-256-GCM).
      inet 192.168.93.190/32 scope global tun0
  PING 192.168.93.1 (192.168.93.1) 56(84) bytes of data.
  64 bytes from 192.168.93.1: icmp_seq=1 ttl=64 time=0.217 ms
  64 bytes from 192.168.93.1: icmp_seq=2 ttl=64 time=0.246 ms
  64 bytes from 192.168.93.1: icmp_seq=3 ttl=64 time=0.235 ms

  --- 192.168.93.1 ping statistics ---
  3 packets transmitted, 3 received, 0% packet loss, time 2052ms
  rtt min/avg/max/mdev = 0.217/0.232/0.246/0.011 ms

  could not find group information

Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-09-20 22:11:25 +02:00
William Dauchy
80babceacf listen-netns: fix worker case for DTLS
while using udp, we later open a file descriptor for the worker. With a
listen netns config, I overlooked this case which obliges me to move the
struct containing the file descriptor in the main one. Then I can access
them from each worker to make it possible to open the socket in the
correct netns. I also need to keep the netns fd open during the whole
life of the process.

the issue was not visible on a tcp-only case, but while using udp you
can see logs such as:

main[user]: x.x.x.x:54024 bind UDP to 0.0.0.0:443: Cannot assign requested address
worker[user]: x.x.x.x setting up DTLS-PSK connection
main[user]: x.x.x.x:54024 bind UDP to 0.0.0.0:443: Cannot assign requested address

update tests to reflect that:
- instead of creating our own netns, use the one created in common.sh
- we start server in ns1, but listen in ns2, and test client from ns3
  (we don't want to listen in ns1 to test listen-ns)

Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-09-20 21:49:08 +02:00
Nikos Mavrogiannopoulos
8f6ff20f66 Merge branch 'minor' into 'master'
cosmetic fixes for rx/tx per sec limit

See merge request openconnect/ocserv!214
2020-09-16 12:17:06 +00:00
Yousong Zhou
c47911a7d0 Fix typo in comment of sample config
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-09-15 19:14:50 +08:00
Yousong Zhou
5cb41a570b Fix display of rx/tx per sec limit
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-09-15 19:14:37 +08:00
Nikos Mavrogiannopoulos
f1c093f8a8 Merge branch 'tmp-ocserv-group' into 'master'
radius: ignore redundant group class

Closes #332

See merge request openconnect/ocserv!213
2020-09-07 18:05:06 +00:00